A Practical Guide to Building a Quantitative Risk Management Program on a Budget

In this talk, you will learn key factors to transition your risk program to one focused on FAIR-derived quantitative practices. Understand and properly align quantitative goals and how they drive strategic alignment and help reduce operational losses. Delve into program planning, roadmap design, and executive buy-in to enable a viable transition to quantitative enterprise risk management. The main processes, training, and tool considerations will be addressed, both the good and the bad. Specific open source tools and workflow design will be reviewed including how to practically operationalize those mechanisms. Finally, the talk will close out with sharp edges to be mindful of and planned design changes.

Tim Anderson is the VP of Compliance and Risk at ID.me where he focuses on value driven risk management practices and compliance as a representation of program quality. Before joining ID.me, Tim was part of AWS Security advising internal and external customers globally on security risk, governance, and compliance practices. Prior to AWS, Tim spent 16+ years designing, delivering and managing security and compliance programs for U.S. Federal customers across DoD and civilian agencies.